[ubuntu/kinetic-proposed] fribidi 1.0.8-2.1ubuntu1 (Accepted)
Steve Langasek
steve.langasek at ubuntu.com
Tue Aug 16 15:20:14 UTC 2022
fribidi (1.0.8-2.1ubuntu1) kinetic; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Make autopkgtests cross-test-friendly.
  * Dropped changes, included in Debian:
    - debian/patches/CVE-2022-25308.patch: add checking to length of string
      buffer before processing in bin/fribidi-main.c
    - debian/patches/CVE-2022-25309.patch: add checking and removal of
      dangerous characters before encoding stage, in
      lib/fribidi-char-sets-cap-rtl.c
    - debian/patches/CVE-2022-25310.patch: add checking for NULL strings,
      to avoid potential use-after-free in lib/fribidi.c

fribidi (1.0.8-2.1) unstable; urgency=medium

  * Non-maintainer upload by the LTS Team.
  * CVE-2022-25308
    stack-buffer-overflow issue in main()
  * CVE-2022-25309
    heap-buffer-overflow issue in fribidi_cap_rtl_to_unicode()
  * CVE-2022-25310
    SEGV issue in fribidi_remove_bidi_marks()
    (Closes: #1008793)

Date: Tue, 16 Aug 2022 08:17:22 -0700
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/fribidi/1.0.8-2.1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 16 Aug 2022 08:17:22 -0700
Source: fribidi
Built-For-Profiles: noudeb
Architecture: source
Version: 1.0.8-2.1ubuntu1
Distribution: kinetic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Closes: 1008793
Changes:
 fribidi (1.0.8-2.1ubuntu1) kinetic; urgency=low
 .
   * Merge from Debian unstable. Remaining changes:
     - Make autopkgtests cross-test-friendly.
   * Dropped changes, included in Debian:
     - debian/patches/CVE-2022-25308.patch: add checking to length of string
       buffer before processing in bin/fribidi-main.c
     - debian/patches/CVE-2022-25309.patch: add checking and removal of
       dangerous characters before encoding stage, in
       lib/fribidi-char-sets-cap-rtl.c
     - debian/patches/CVE-2022-25310.patch: add checking for NULL strings,
       to avoid potential use-after-free in lib/fribidi.c
 .
 fribidi (1.0.8-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2022-25308
     stack-buffer-overflow issue in main()
   * CVE-2022-25309
     heap-buffer-overflow issue in fribidi_cap_rtl_to_unicode()
   * CVE-2022-25310
     SEGV issue in fribidi_remove_bidi_marks()
     (Closes: #1008793)
Original-Maintainer: Debian Hebrew Packaging Team <team+hebrew at tracker.debian.org>